Lucene search
K

386 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

An attacker was able to execute code in the content process by exploiting a use-after-free in Animation timelines. There have been reports of this vulnerability being exploited in real-world scenarios. This vulnerability affects Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1,...

9.8CVSS7.6AI score0.32568EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.12 views

MalSkillBench: A Runtime-Verified Benchmark of Malicious Agent Skills

AI coding agents such as Claude Code and Gemini CLI increasingly extend themselves with third-party skills: markdown packages bundling natural-language instructions, executable scripts, and tool permissions. Because a skill is at once code and agent-facing instruction, it introduces a supply chai...

5.6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/22 11:42 p.m.75 views

Exploit for Link Following in Microsoft

Microsoft Defender Vulnerability Scanner 🛡️ CVE-2026-41091...

7.8CVSS6AI score0.63076EPSS
Exploits2
The Hacker News
The Hacker News
added 2026/05/15 6:19 a.m.16 views

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 CVSS score: 8.1, has been described as a spoofing bug stemming from a cross-site scriptin...

8.1CVSS5.9AI score0.0564EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.11 views

PT-2026-41417

Claude Mythos Preview case studies also, read your transcripts! https://t.co/drNlAH5mLE "Mythos demonstrates its bug reproduction and exploitation capabilities on CVE-2024-051912, an in-the-wild exploited bug that has no public report nor a working PoC whatsoever in the public domain. This bug ha...

5.8AI score
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2026/05/06 1:27 p.m.8 views

Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)

Overview On May 6, 2026, Palo Alto Networks published a security advisory for CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability affecting PAN-OS PA-Series and VM-Series firewall appliances. Prisma Access, Cloud NGFW, and Panorama appliances are not affected by this...

9.8CVSS6.8AI score0.36157EPSS
Exploits6
Wiz blog
Wiz blog
added 2026/05/06 12:33 p.m.8 views

Critical Buffer Overflow Vulnerability in PAN-OS Exploited in-the-Wild

Detect and mitigate CVE-2026-0300, a critical vulnerability in Palo Alto Networks PAN-OS User-ID Authentication Portal that allows unauthenticated attackers to achieve remote code execution RCE with root privileges...

9.8CVSS6.7AI score0.36157EPSS
Exploits6
Information Security Automation
Information Security Automation
added 2026/04/28 6:0 p.m.14 views

April "In the Trend of VM" (#26): one Microsoft SharePoint vulnerability

April "In the Trend of VM" 26: one Microsoft SharePoint vulnerability. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. Once again, it is single-vendor, Microsoft-related, and this time it could not be more compact. While the previous Marc...

9.8CVSS5.8AI score0.31109EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/04/13 6:49 p.m.172 views

Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 - FortiClient EMS Pre-Authentication API Bypass...

9.8CVSS6.5AI score0.88505EPSS
Exploits8
Malwarebytes
Malwarebytes
added 2026/04/13 11:38 a.m.10 views

Simply opening a PDF could trigger this Adobe Reader zero-day

Opening the wrong PDF in Adobe Reader was enough to let criminals quietly spy on your computer and unleash more attacks, even though everything looked normal. A researcher analyzed a malicious PDF and found that it abused a previously unknown flaw a “zero‑day” in Adobe Acrobat Reader. When a vict...

8.6CVSS7.9AI score0.07086EPSS
Exploits4
The Hacker News
The Hacker News
added 2026/04/07 5:56 a.m.13 views

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

Threat actors are exploiting a maximum-severity security flaw in Flowise , an open-source artificial intelligence AI platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 CVSS score: 10.0, a code injection vulnerability that could result in remote cod...

10CVSS6.4AI score0.90183EPSS
Exploits25
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.8 views

FortiClient EMS 7.4.6 Vulnerability Assessment Tool

CVE-2026-35616 is a pre-authentication API bypass in FortiClient EMS 7.4.5 and 7.4.6 that allows remote, unauthenticated attackers to bypass certificate-based authentication through HTTP header spoofing. The Django application trusts user-controllable HTTP headers X-SSL-CLIENT-VERIFY,...

9.8CVSS6.1AI score0.88505EPSS
Exploits8
The Hacker News
The Hacker News
added 2026/04/01 11:42 a.m.15 views

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 CVSS score: N/A, concerns a use-after-free bug in Dawn, an open-source and...

8.8CVSS7.5AI score0.2202EPSS
Exploits13
Microsoft CVE
Microsoft CVE
added 2026/03/17 1:9 a.m.23 views

Chromium: CVE-2026-3909 Out of bounds write in Skia

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2026-3909 exists in the wild...

8.8CVSS6.9AI score0.01629EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.5 views

PT-2026-25743

microsoftupdate securityupdate Edge Microsoft Edge Stable Channel Version 146.0.3856.59 ・CVE-2025-0385 ・CVE-2026-3910 「The Chromium team reported that CVE-2026-3910 has an exploit in the wild, and this update contains a fix for it.」...

8.8CVSS5.8AI score0.02EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/03/14 5:11 a.m.16 views

Chromium: CVE-2026-3910 Inappropriate implementation in V8

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2026-3910 exists in the wild...

8.8CVSS6.1AI score0.02EPSS
Exploits0
Information Security Automation
Information Security Automation
added 2026/03/12 3:14 p.m.11 views

About Elevation of Privilege - Desktop Window Manager (CVE-2026-21519) vulnerability

About Elevation of Privilege - Desktop Window Manager CVE-2026-21519 vulnerability. The vulnerability is from the February Microsoft Patch Tuesday. Desktop Window Manager is a compositing window manager included in Windows starting with Windows Vista. A Type Confusion error CWE-843 in Desktop...

7.8CVSS6AI score0.0242EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/11 12:0 a.m.7 views

VisualLeakBench: Auditing the Fragility of Large Vision-Language Models against PII Leakage and Social Engineering

As Large Vision-Language Models LVLMs are increasingly deployed in agent-integrated workflows and other deployment-relevant settings, their robustness against semantic visual attacks remains under-evaluated -- alignment is typically tested on explicit harmful content rather than privacy-critical...

5.9AI score
Exploits0
Information Security Automation
Information Security Automation
added 2026/03/09 10:59 p.m.12 views

About Remote Code Execution – Windows Shell (CVE-2026-21510) vulnerability

About Remote Code Execution - Windows Shell CVE-2026-21510 vulnerability. A vulnerability from the February Microsoft Patch Tuesday. The Windows Shell is the primary interface through which users interact with the Windows operating system. It includes visible elements such as the Desktop, Taskbar...

8.8CVSS6.6AI score0.25835EPSS
Exploits3
Information Security Automation
Information Security Automation
added 2026/03/02 10:4 p.m.9 views

About Remote Code Execution – Microsoft Word (CVE-2026-21514) vulnerability

About Remote Code Execution - Microsoft Word CVE-2026-21514 vulnerability. This vulnerability is from February Microsoft Patch Tuesday. Reliance on Untrusted Inputs in a Security Decision CWE-807 in Microsoft Office Word allows an unauthenticated attacker to bypass OLE security features when...

7.8CVSS6.2AI score0.01517EPSS
Exploits0
Rows per page
Query Builder